1. How Do I Connect IPsec Between NG Firewall And My IPsec Device?

IPsec should work with any compatible endpoint, but unfortunately Untangle doesn't have the resources to test against specific devices. We do have a few documented configurations, and links to those articles are listed below. If you are trying to use a device that is not listed, match the settings as closely as possible; if you still have issues, open a ticket with Technical Support.

2. Can I Use IPsec On A Server That Uses DHCP To Get Its External Address?

It is recommended to use IPsec VPN on NG Firewalls configured with static IPs. Technically it can work with DHCP, but you will need to reconfigure the tunnel whenever the IP address changes. On some ISPs this is rare, and servers will often keep the same IP for months. On other ISPs, IPs change daily.

3. If I Install Untangle Behind A NAT Device, What Do I Need To Forward To NG Firewall For IPsec VPN To Connect?

You will need to forward ESP, AH, and UDP port 500 from the public IP to the NG Firewall server. You may also need to enable NAT traversal. It is recommended to give NG Firewall a public IP if you want to set up IPsec tunnels.
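To check that these forwards actually deliver IPsec traffic to NG Firewall, packets captured on its external interface can be classified by protocol. The Python below is an added example, not Untangle code: the function names and sample packet builders are constructed for illustration, and UDP port 4500 for NAT traversal is the standard port from RFC 3948, not a value stated on this page.

```python
import struct

# IP protocol numbers and UDP ports used by IPsec (IANA assignments).
PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51
IKE_PORT, NATT_PORT = 500, 4500  # 4500 (NAT traversal, RFC 3948) is an assumption, not from the page


def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet as seen on the NG Firewall's external side."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    proto = packet[9]
    if proto == PROTO_ESP:
        return "esp"
    if proto == PROTO_AH:
        return "ah"
    if proto != PROTO_UDP:
        return "other"
    if frag_offset:                        # non-first fragment carries no UDP header
        return "udp-fragment"
    if len(packet) < ihl + 8:
        return "malformed"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    payload = packet[ihl + 8:]
    if IKE_PORT in (sport, dport):
        return "ike"
    if NATT_PORT in (sport, dport):
        if payload == b"\xff":
            return "nat-keepalive"
        # Four zero bytes (the non-ESP marker) mean IKE; anything else is ESP in UDP.
        return "ike-natt" if payload[:4] == b"\x00" * 4 else "esp-in-udp"
    return "other"


def ipv4(proto: int, body: bytes) -> bytes:
    """Build a constructed sample packet (documentation addresses, checksum left at zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                      bytes([198, 51, 100, 7]), bytes([203, 0, 113, 10]))
    return hdr + body


def udp(sport: int, dport: int, payload: bytes) -> bytes:
    """Build a constructed UDP datagram (checksum left at zero)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
```

If a capture shows only `ike` packets and never `esp` or `esp-in-udp`, the ESP forward or NAT traversal is the first thing to check on the NAT device.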

No. Currently all traffic entering or leaving an IPsec tunnel is bypassed. The other apps will not see this traffic.

5. What's The Difference Between Tunnel And Transport Mode?

When using "tunnel" mode, you can think of the payload packet as being completely encased in another packet. In addition, IPsec can allow or deny packets access to the tunnel depending on policies. When using "transport" mode, communication is limited to two hosts. Only one IP header is present, with the rest of the packet being encrypted. Unless you have very specific needs, you'll most likely want to use "tunnel" mode.